[Secure-testing-commits] r40093 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Mar 1 14:03:58 UTC 2016
Author: jmm
Date: 2016-03-01 14:03:58 +0000 (Tue, 01 Mar 2016)
New Revision: 40093
Modified:
data/CVE/list
Log:
two additional openssl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-01 13:38:49 UTC (rev 40092)
+++ data/CVE/list 2016-03-01 14:03:58 UTC (rev 40093)
@@ -6181,19 +6181,24 @@
CVE-2016-0800
RESERVED
- openssl 1.0.0c-2
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
+ NOTE: GNUTLS never implemented SSLv2
CVE-2016-0799
RESERVED
- openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE-2016-0798
RESERVED
- openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
CVE-2016-0797
RESERVED
- openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
CVE-2016-0796
RESERVED
@@ -6523,13 +6528,19 @@
- openssl <unfixed>
[squeeze] - openssl <not-affected> (vulnerable code not present)
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0704
RESERVED
+ - openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0703
RESERVED
- openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0702
RESERVED
+ - openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...)
- openssl 1.0.2f-2
[jessie] - openssl <not-affected> (Only affects 1.0.2)
More information about the Secure-testing-commits
mailing list